<?php
include '../common.php';
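/*
 * Front-end order/account action dispatcher, selected by ?a=...:
 *   ack     - mark an order as status '2'
 *   rm      - restore stock for an order's goods, then delete the order
 *   update  - update the logged-in user's profile and (optionally) avatar
 *   repwd   - change the logged-in user's password
 *   comment - add a comment on a purchased item
 *
 * Security notes:
 *  - Every value placed into SQL is passed through mysql_real_escape_string()
 *    and kept inside quotes. This relies on the connection opened by
 *    common.php; the connection charset should be set with
 *    mysql_set_charset() for the escaping to be reliable. If magic_quotes_gpc
 *    is enabled on this host, strip slashes before escaping.
 *  - NOTE(review): 'ack' and 'rm' act on any order id supplied by the client.
 *    Nothing visible here checks that the order belongs to the current user,
 *    or that a user is logged in at all - confirm common.php enforces this,
 *    otherwise add an ownership condition to these queries.
 *  - NOTE(review): all actions change state without an anti-CSRF token, and
 *    'ack'/'rm' do so on a plain GET request.
 */

// Request parameters; a missing or non-string value becomes '' instead of
// raising a notice or injecting an array into the SQL string.
$a  = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : '';
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$idSql = mysql_real_escape_string($id);

// Page to return to. The Referer header is optional, so fall back to a page
// this script already redirects to.
// NOTE(review): this value is client-controlled; confirm admin_jump()
// HTML-escapes its URL argument before printing it.
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'user.php';

// These actions read $_SESSION['home']; without it they would run with an
// empty user id/name (anonymous upload, anonymous comment), so refuse early.
if (in_array($a, array('update', 'repwd', 'comment'), true)
    && !isset($_SESSION['home']['id'], $_SESSION['home']['name'])) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

switch ($a) {
    case 'ack':
        mysql_query("update ".PRE."order set status='2' where id='{$idSql}'");
        header('Location:'.$back);
        break;

    case 'rm':
        // Restore the stock for every item in the order.
        $goodslist = array(); // stays an empty list when the order has no rows
        $result = mysql_query("select goods_id,num from ".PRE."order_goods where order_id='{$idSql}'");
        if ($result) {
            while ($row = mysql_fetch_assoc($result)) {
                $goodslist[] = $row;
            }
        }
        foreach ($goodslist as $val) {
            // Values read back from the database are escaped as well, so stored
            // data cannot alter the statement.
            $num = mysql_real_escape_string($val['num']);
            $gid = mysql_real_escape_string($val['goods_id']);
            mysql_query("update ".PRE."goods set store = store+'{$num}' where id='{$gid}'");
        }

        // Delete the order's rows from the order_goods table.
        mysql_query("delete from ".PRE."order_goods where order_id='{$idSql}'");
        // Delete the order itself.
        mysql_query("delete from ".PRE."order where id='{$idSql}'");
        header('location:'.$back);
        break;

    case 'update':
        $uidSql = mysql_real_escape_string($_SESSION['home']['id']);

        // Build the SET list from the submitted profile fields, escaping each.
        $assignments = array();
        foreach (array('sex', 'tel', 'email', 'address', 'birthday', 'sign') as $field) {
            $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
            $assignments[] = $field."='".mysql_real_escape_string($value)."'";
        }
        mysql_query("update ".PRE."user set ".implode(',', $assignments)." where id='{$uidSql}'");

        // Avatar upload (skipped when no file was submitted).
        if (isset($_FILES['pic']['error']) && $_FILES['pic']['error'] != UPLOAD_ERR_NO_FILE) {
            // Take the current avatar name from the database rather than from
            // $_POST['touxiang']: a client-supplied name could contain "../"
            // and make the unlink() below delete arbitrary files.
            $oldAvatar = '';
            $res = mysql_query("select touxiang from ".PRE."user where id='{$uidSql}'");
            if ($res && ($row = mysql_fetch_assoc($res))) {
                $oldAvatar = basename($row['touxiang']);
            }

            // NOTE(review): upload() is defined elsewhere; confirm it restricts
            // the file type/extension, since the target directory appears to be
            // web-accessible.
            $filename = upload('pic', PATH.'/upload/user/');
            if (!zoom(PATH.'/upload/user', $filename, 200, 200)) {
                // The original path lacked the '/' before the file name, so the
                // failed upload was never removed.
                @unlink(PATH.'/upload/user/'.$filename);
                exit(admin_jump('图片缩放失败','3','./add.php'));
            }

            // Remove the full-size upload and the previous avatar; only the
            // 200x200 copy is kept.
            @unlink(PATH.'/upload/user/'.$filename);
            if ($oldAvatar !== '' && $oldAvatar !== 'default.jpg') {
                @unlink(PATH.'/upload/user/'.$oldAvatar);
            }

            $imageSql = mysql_real_escape_string('200_'.$filename);
            mysql_query("update ".PRE."user set touxiang='{$imageSql}' where id='{$uidSql}'");
        }

        header('Location:user.php');
        break;

    case 'repwd':
        $pw = array();
        foreach (array('oldpwd', 'newpwd', 'repwd') as $field) {
            $pw[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }
        // NOTE(review): passwords are stored as unsalted MD5. Left unchanged
        // here because the login code (not in this file) must use the same
        // scheme; migrate both to password_hash()/password_verify().
        $oldpwd = md5($pw['oldpwd']);
        $newpwd = $pw['newpwd'];
        $repwd  = $pw['repwd'];

        // Verify the old password.
        $nameSql = mysql_real_escape_string($_SESSION['home']['name']);
        $result = mysql_query("select id from ".PRE."user where name='{$nameSql}' and password='{$oldpwd}'");

        // Each failed check must stop the script. The original only echoed the
        // message and carried on, so the password was updated even when the old
        // password was wrong. admin_jump() appears to return markup rather than
        // terminate, hence exit().
        if (!($result && mysql_num_rows($result) > 0)) {
            exit(admin_jump('原始密码不匹配',3,$back));
        }
        if (empty($newpwd)) {
            exit(admin_jump('新密码不能为空',3,$back));
        }
        // Strict comparison: with != two numeric-looking strings such as
        // "0e1" and "0e2" would compare equal.
        if ($newpwd !== $repwd) {
            exit(admin_jump('新密码两次输入不一致',3,$back));
        }

        $newpwd = md5($newpwd);
        $uidSql = mysql_real_escape_string($_SESSION['home']['id']);
        $result = mysql_query("update ".PRE."user set password='{$newpwd}' where id='{$uidSql}'");
        echo admin_jump('密码更新成功',0,'user.php');
        // Drop the login state so the user signs in again with the new password.
        unset($_SESSION['home']);
        break;

    case 'comment':
        $order_id = (isset($_POST['oid']) && is_string($_POST['oid'])) ? $_POST['oid'] : '';
        $goods_id = (isset($_POST['gid']) && is_string($_POST['gid'])) ? $_POST['gid'] : '';
        $content  = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';

        $userSql    = mysql_real_escape_string($_SESSION['home']['name']);
        $goodsSql   = mysql_real_escape_string($goods_id);
        $orderSql   = mysql_real_escape_string($order_id);
        $contentSql = mysql_real_escape_string($content);
        $time = time();

        // NOTE(review): the comment text is stored as submitted; whatever page
        // displays it must escape it with htmlspecialchars(). Nothing here
        // checks that the order/goods pair belongs to this user.
        mysql_query("insert into ".PRE."comment(user_name,goods_id,order_id,addtime,content) values('{$userSql}','{$goodsSql}','{$orderSql}','{$time}','{$contentSql}')");
        // Encode the id so it cannot add extra query parameters to the redirect.
        header('Location:detail.php?id='.urlencode($order_id));
        break;
}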
